Update dependency express-jwt to v8 - autoclosed #49
+1
−1
Mend for GitHub.com / Mend Security Check
failed
Jul 2, 2024 in 6m 36s
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
CVE-2024-29415Path to dependency file: /package.json Path to vulnerable library: /node_modules/ip/package.json Dependency Hierarchy: -> express-ipfilter-1.3.2.tgz (Root Library) -> ❌ ip-2.0.1.tgz (Vulnerable Library) |
 Critical |
9.1 | ip-2.0.1.tgz | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2024-28863 | tar-6.1.13.tgz |
| CVE-2022-23541 | jsonwebtoken-0.3.0.tgz |
| CVE-2024-29041 | express-4.18.2.tgz |
| CVE-2023-42282 | ip-2.0.0.tgz |
| WS-2018-0096 | base64url-0.0.6.tgz |
| CVE-2023-26132 | dottie-2.0.3.tgz |
| CVE-2023-26115 | word-wrap-1.2.3.tgz |
| CVE-2024-29415 | ip-2.0.0.tgz |
| CVE-2020-15084 | express-jwt-0.1.4.tgz |
| CVE-2015-9235 | jsonwebtoken-0.3.0.tgz |
| CVE-2022-25883 | semver-6.3.0.tgz |
| CVE-2022-23539 | jsonwebtoken-0.3.0.tgz |
| CVE-2023-42282 | ip-1.1.8.tgz |
| CVE-2022-25883 | semver-5.7.1.tgz |
| CVE-2022-23540 | jsonwebtoken-0.3.0.tgz |
| CVE-2024-29415 | ip-1.1.8.tgz |
| CVE-2024-4067 | micromatch-4.0.5.tgz |
| CVE-2024-4068 | braces-3.0.2.tgz |
| CVE-2016-1000223 | jws-0.2.6.tgz |
| CVE-2022-25883 | semver-7.3.8.tgz |
Base branch total remaining vulnerabilities: 61
Base branch commit: null
Total libraries scanned: 992
Scan token: 66b30ad8770c43feb799a9cfa8f6f192
Loading